<?php
require_once('environment.php');
if($acc->isLogged()) die("Why are you here? You're already logged in!");
$temp->currentPage("Home >> Account >> Password Recovery");
$temp->generate();

function throwError($what){
    $what = htmlentities($what);
    print change_site("accRecovery.php?error={$what}");
    die();
}


if(!fixArr($_POST, "name") && !fixArr($_GET, "name")){
    print "<span style=\"color: red;\">".(fixArr($_GET, "error") ? fixArr($_GET, "error") : "")."</span>";
    print "<form method=\"POST\" action=\"\">\n";
    print "<label>Username: <input type=\"text\" name=\"name\" /></label><br />\n";
    print "<input type=\"submit\" value=\"Submit\" /> <input type=\"reset\" value=\"Reset\" />\n";
    print "</form>\n";
}else{
    if(!fixArr($_POST, "answer")){
        $name = fixArr($_POST, "name");
        $sql = $db->Execute("SELECT * FROM `monster`.`admins` WHERE `Name` = ? LIMIT 1", array($name));
        if($sql->RecordCount() == 1){
            $row = $sql->FetchRow();
            print "<form method=\"POST\" action=\"accRecovery.php?name={$name}\">\n";
            print "Security question: ".htmlentities($row['SecurityQuestion'])."<br />\n";
            print "<label>Answer: <input type=\"text\" name=\"answer\" /></label><br />\n";
            print "<input type=\"submit\" value=\"Submit\" /> <input type=\"reset\" value=\"Reset\" />";
            print "</form>\n";
        }else{
            throwError("An administrator with that name does not exist.");
        }
    }else{
        $name = fixArr($_GET, "name");
        $answer = fixArr($_POST, "answer");
        $newPass = $acc->recoverPassword($name, $answer);
        if(is_array($newPass)){
            throwError($newPass[1]);
        }else{
            print "Your password has been changed.<br />\nPlease use the following password to login and then change it to one you can remember.<br />\n";
            print "<b>New Password</b>: {$newPass}";
        }
    }
}
?>
